Glances KVM/QEMU plugin command injection via unsanitized domain names
What changed
The Glances KVM/QEMU monitoring engine interpolates libvirt VM domain names into f-string command templates without sanitizing them and hands the resulting strings to secure_popen(). Because secure_popen() treats &&, | and > as shell operators, a domain name containing those sequences is split into additional commands, so whoever controls the name gets command injection on the hypervisor host.
Who it affects
Any deployment of Glances on a KVM/QEMU hypervisor host where the vms plugin is active and an attacker can create or rename libvirt domains (for example, members of the libvirt group, or tenants of a cloud platform that lets them choose their VM names). The injected commands run with the privileges of the Glances process.
What to do today
Replace the f-string interpolation at virsh.py lines 185 and 204 with list-based argument passing, so the domain name reaches virsh as a single argv element and is never re-parsed for shell operators, or sanitize domain names with _sanitize_mustache_dict before they are interpolated. Independently of the code fix, run Glances under a low-privilege service account so that an injection that does get through is contained.
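The following added example, written for this page and not taken from Glances, shows both halves of the story above: how a crafted domain name spliced into an f-string template turns into extra commands under a runner that honours &&, | and >, and how passing an argv list keeps the name as one argument. The template splitter is a simplified stand-in for secure_popen() (an assumption, not its code), the "virsh dominfo" template and the DOMAIN_RE allowlist are assumptions, and the virsh call is simulated with a Python subprocess so the example runs without libvirt.

```python
"""Added example: f-string command template vs. argv-list passing for a
libvirt domain name. Illustrative code, not Glances' own."""
import re
import subprocess
import sys

# Constructed malicious domain name (not from the page). libvirt lets a
# domain name carry spaces and shell metacharacters, so this is a legal name.
EVIL = "vm1 && touch /tmp/pwned | cat /etc/passwd > /tmp/out"


def split_template(cmdline: str) -> list[list[str]]:
    """Simplified model of a runner that treats '&&', '|' and '>' as shell
    operators (assumption: stands in for secure_popen(); not its code).
    Returns every command it would execute, each as an argv list."""
    commands = []
    for chained in cmdline.split("&&"):
        for piped in chained.split("|"):
            # Drop any '> file' redirect and keep only the command part.
            command_part = piped.split(">")[0].strip()
            if command_part:
                commands.append(command_part.split())
    return commands


def vulnerable_cmdline(domain: str) -> str:
    """The vulnerable pattern: the name is interpolated into an f-string
    template ('virsh dominfo' is an assumed template, not the page's)."""
    return f"virsh dominfo {domain}"


# Conservative allowlist for domain names (assumption: narrower than what
# libvirt itself accepts; widen deliberately if your names need more).
DOMAIN_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,254}$")


def is_valid_domain(domain: str) -> bool:
    """True when the name contains only allowlisted characters."""
    return DOMAIN_RE.match(domain) is not None


def validate_domain(domain: str) -> str:
    """Reject anything outside the allowlist before it reaches a command."""
    if not is_valid_domain(domain):
        raise ValueError(f"refusing suspicious domain name: {domain!r}")
    return domain


def hardened_argv(domain: str) -> list[str]:
    """The fix: an argv list. The name is one element whatever it contains,
    and nothing downstream re-parses it for operators."""
    return ["virsh", "dominfo", domain]


def run_simulated(argv: list[str]) -> str:
    """Simulate running the command without libvirt: swap 'virsh' for a
    Python one-liner that prints the last argument it received, so we can
    see exactly what the child process got as its domain-name argument."""
    sim = [sys.executable, "-c", "import sys; print(sys.argv[-1])", *argv[1:]]
    done = subprocess.run(sim, capture_output=True, text=True, check=True)
    return done.stdout.rstrip("\n")


if __name__ == "__main__":
    print("vulnerable template would run:")
    for cmd in split_template(vulnerable_cmdline(EVIL)):
        print("  ", cmd)
    print("argv list: child received one argument:", repr(run_simulated(hardened_argv(EVIL))))
    print("allowlist accepts EVIL?", is_valid_domain(EVIL))
```

Run as a script: the template path shows three separate commands (virsh, touch and cat) derived from a single domain name, while the argv path delivers the whole string, metacharacters included, as one argument. The allowlist is the belt to the argv list's braces: use it where names are displayed or logged as well, since argv passing only addresses command splitting.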